[14:40:17] --- PaulHoffman has become available
[14:51:44] --- david_partain has become available
[15:00:28] --- david_partain has left
[15:01:59] --- lha has become available
[15:02:10] --- jimsch has become available
[15:02:10] --- stephenfarr has become available
[15:02:15] --- mrichardson has become available
[15:02:53] --- Eliot Lear has become available
[15:03:01] <PaulHoffman> We don't need a Jabber scribe if everyone here in Jabber is also in the room, other than me. I can hear the audio just fine.
[15:03:01] --- hartmans has become available
[15:03:16] --- kanda has become available
[15:03:22] <PaulHoffman> Sam: note that the mic next to you is live. I've been listening to you for the past 10 minutes...
[15:03:32] <Eliot Lear> i'm also happy to NOT be a jabber scribe
[15:04:03] <hartmans> Paul, noticed
[15:04:10] <PaulHoffman> So, who in this Jabber room is not in Vancouver and wants a scribe?
[15:04:18] <hartmans> So, does anyone need a jabber scribe
[15:04:19] --- shep has become available
[15:04:45] <PaulHoffman> As long as everyone talks into the mic, I'm happy.
[15:05:12] --- nov has become available
[15:06:27] <Eliot Lear> ok... i'm going to non-jabber scribe...
[15:06:39] <PaulHoffman> BTW, the audio is at <http://videolab.uoregon.edu/events/ietf/ietf642.m3u>
[15:07:29] --- tlyu has become available
[15:07:32] --- Eliot Lear has left: Logged out
[15:09:13] --- kivinen has become available
[15:09:27] <PaulHoffman> There are no SAAG presentations at <https://onsite.ietf.org/public/meeting_materials.cgi?meeting_num=64>
[15:09:30] --- kivinen has left: Logged out
[15:11:03] --- falk has become available
[15:11:16] --- kivinen has become available
[15:11:39] <hartmans> If anyone presenting has presentations they should jabber me and I can upload.
[15:11:47] --- Ted Faber has become available
[15:12:43] --- Roy Brabson has become available
[15:12:54] --- nico has become available
[15:12:58] <mrichardson> hi Paul. you are remote I think.
[15:13:03] --- Roy Brabson has left
[15:13:50] <mrichardson> presentations getting posted now...
[15:13:54] --- dlpartain has become available
[15:13:58] --- Roy Brabson has become available
[15:14:00] <PaulHoffman> I am indeed remote.
[15:14:01] <PaulHoffman> Thx.
[15:15:25] <hartmans> This network is not ideal
[15:15:50] <nico> big delays
[15:16:30] <PaulHoffman> The audio is working fine; it resyncs for 10 seconds about every 6 minutes, which is what it was like yesterday.
[15:17:40] --- raeburn has become available
[15:17:47] <mrichardson> talk about pkix status. SHA-256 and SHA-512 stuff.
[15:18:01] <mrichardson> something about name constraints and service names as subjectAltNames.
[15:18:10] <mrichardson> kerberos stuff.
[15:18:12] --- pguenther has become available
[15:18:34] --- ogud has become available
[15:19:16] --- ogud has left
[15:19:56] --- Ted Faber has left
[15:23:42] --- nico has left
[15:25:10] --- gregory has become available
[15:26:44] <raeburn> syslog report... concern came up, maybe not going with protocol in i-d but with <> and PRI. dealing with that, then structured data and signing.
[15:26:58] <raeburn> sasl, tom yu...
[15:28:17] <raeburn> base spec new version this week. no objections to wglc on gss mech, but need positive support to go forward. <something...>
[15:28:53] <raeburn> <i'm not managing to keep up, *sigh*; anyone else want to scribe?>
[15:29:47] <raeburn> iana reg for families of mechs, decided delegate to registrant.
[15:30:05] <raeburn> make gss mech a family? simon will write text.
[15:30:26] <raeburn> isms.
[15:31:50] <hartmans> I think we have presentations uploaded now or at least the last one is uploading
[15:33:10] <PaulHoffman> Thank you, Sam. They're there.
[15:34:09] <PaulHoffman> BTW, Russ putting his hand over the mic probably works for preventing the people in the room from hearing, but not out here on the net.
[15:34:21] --- Eliot Lear has become available
[15:35:23] --- jschoenwae@jabber.org has become available
[15:35:47] <tlyu> actually the audio leaked into the room PA too
[15:39:19] --- nico has become available
[15:40:05] --- saag has become available
[15:40:19] <nico> kiten
[15:40:27] <nico> since ietf63 two drafts sent to IESG
[15:40:35] <nico> new C# bindings I-D
[15:40:51] <nico> new version of desired extensions to gss for naming, in WGLC
[15:41:21] <nico> this describes the motivation, etc, for the I-D that describes the actual extensions
[15:41:31] <nico> had a discussion
[15:41:44] <nico> one function was removed (GSS_Inquire_name_attribute())
[15:41:54] <nico> a discussion of negative ACL entries ensued
[15:42:14] <nico> (see the minutes)
[15:42:19] --- jschoenwae@jabber.org has left
[15:42:42] <nico> a discussion about the use of "NAME" in the GSS-API as a type name
[15:42:50] <nico> how it confuses folks
[15:43:14] <nico> a discussion about native types vs. tagged network representation blobs
[15:43:23] <nico> worked on GSS-APIv2 clarifications doc
[15:43:37] <nico> wrote text at the meeting
[15:43:50] <nico> did this due to lack of editors
[15:43:55] <nico> inch
[15:44:03] <nico> quiet, short meeting
[15:44:18] <nico> reqs I-D will be ready for WGLC next week
[15:44:38] <nico> core data model -- two minor issues remaining
[15:44:47] <nico> something about I18N
[15:45:01] <nico> gridwork is done
[15:45:09] <nico> (missed stuff)
[15:45:12] --- raeburn has left: Disconnected
[15:45:39] <nico> something about re-chartering drew Sam H. in
[15:46:09] <nico> mobike
[15:46:27] <PaulHoffman> I guess Jari will give MOBIKE instead of me. :-)
[15:46:32] <mrichardson> he is now.
[15:46:41] <nico> main protocol doc WGLC completed
[15:46:59] <nico> no further issues open
[15:47:08] <nico> will be sending doc to ADs
[15:47:21] <nico> there was a fairly large # of issues in the WGLC
[15:47:30] <nico> only one bits-on-the-wire change
[15:47:46] <lha> "Hello, I'm Love Hörnquist Åstrand and am co-chairing BTNS with Pekka Nikander. BTNS is meeting after this meeting in Salon 2/3. You are all welcome to come."
[15:47:46] <nico> btns (not met yet)
[15:48:11] <nico> dkim
[15:48:31] <nico> mta-to-mta signing
[15:48:35] <nico> new draft charter
[15:48:41] <nico> threat analysis doc
[15:48:52] <nico> lots of reaction on the floor
[15:48:56] <nico> ...
[15:49:09] <nico> conclusive hum on continuing
[15:49:23] <nico> a WG chartering req to follow
[15:49:26] <nico> emu
[15:49:45] <nico> EAP method development
[15:50:01] <nico> a continuation of part of the SECMECH BoF at IETF63
[15:50:11] <nico> we talked about credential types to be supported
[15:50:24] <nico> asked questions from the room
[15:50:30] <nico> got consensus on:
[15:50:56] <nico> - working on EAP-TLS updates (wait a minute -- thought it was x.509 generically)
[15:51:08] <nico> - strong shared secret
[15:51:09] <nico> s
[15:51:15] <nico> something else
[15:51:16] <nico> ...
[15:51:21] <nico> presentation time
[15:51:43] <nico> Deploying a new hash function
[15:51:51] <nico> (won't scribe the presentation)
[16:00:30] <nico> next presentation
[16:00:46] <nico> IETF Security Area Response to the Hash Function "Breaks"
[16:00:58] <nico> (won't scribe)
[16:02:47] <mrichardson> should we write into our documents, algorithm #9 - NIST suggested algorithm 4. (TBD)
[16:03:32] --- lha has left
[16:09:41] <PaulHoffman> Can someone ask for me: Won't having a protocol with negotiation where we say "use SHA-256 and HMAC-SHA1" be confusing?
[16:10:02] <mrichardson> sorry. come again?
[16:10:14] <mrichardson> I don't understand your question.
[16:10:18] --- raeburn has become available
[16:10:25] <PaulHoffman> I think users will be confused if we mix the two.
[16:10:35] <nico> paul: that question makes no sense
[16:10:44] <mrichardson> oh. users will be confused with HMAC-SHA1 vs SHA-256 is on their UI?
[16:10:50] <nico> no one's asking that hashes and MACs be mixed
[16:11:01] <PaulHoffman> We mix hashes in IKE.
[16:11:19] <PaulHoffman> Michael: yes.
[16:11:29] <nico> oh, i get it
[16:11:43] <nico> using hmac-sha-1 for MACing and SHA-256 for hashing
[16:11:47] <PaulHoffman> This is not a problem for us, it is for user perception.
[16:11:50] <nico> but using one negotiation for both
[16:11:52] <mrichardson> IKEv1: SHA1 is PRF. We use it in the RSA signature mode.
[16:11:58] <PaulHoffman> Nico: exactly.
[16:12:01] <mrichardson> IPsec is all HMAC-SHA1.
[16:12:11] <mrichardson> IKEv2 uses HMAC-SHA1 for authentication of the packets.
[16:12:18] <PaulHoffman> Michael: but we tell users that it is one suite.
[16:12:24] --- jschoenwae@jabber.org has become available
[16:12:32] <mrichardson> oh, the suite stuff gets confusing?
[16:12:42] <mrichardson> maybe we need a new name for HMAC-SHA1?
[16:13:02] <mrichardson> if we called it "Frank", there wouldn't be a problem?
[16:13:17] <PaulHoffman> It isn't confusing if we say "Suite A". It is confusing if we say "use the suite AES-128, SHA-256, SHA-1-HMAC".
[16:13:45] <PaulHoffman> Correct about Frank. I called it "A" in the IKE suite spec.
[16:13:49] <mrichardson> yes, I agree. It's an administrator-interface problem.
[16:13:55] <mrichardson> Frank=HMAC-SHA1.
[16:14:04] <mrichardson> so, it would be AES-128, SHA-256, Frank1
[16:14:04] <PaulHoffman> Feel free to ask at the mic.
[16:15:17] <nico> currently talking about randomized hashing
[16:17:08] <nico> I guess the answer on randomized hashing is "<mumble, mumble, mumble>, er, no"
[16:18:12] <PaulHoffman> Nico: there was much more posturing than mumbling.
[16:18:48] <nico> Tim postured, yes
[16:19:14] <PaulHoffman> No, I was talking about CFRG folks posturing.
[16:19:30] <nico> the other fellow just basically said that it'd be ok in some cases, we don't know all the situations where it is/isn't ok, so ...
[16:19:34] <nico> oh
[16:20:11] <nico> by Tim posturing I mean that he pointed at the consensus at the IETF63 Hash BoF as mostly ruling out anything other than us moving to SHA-256
[16:20:31] <nico> not really posturing -- but I thought that's what you meant. I don't follow CFRG closely enough
[16:20:59] <gregory> the comment about MD5 being used today (kind of, i.e. where and when even used) is the only thing semi-protecting our global routing infrastructure, was made by me.
[16:21:07] <gregory> Sorry, I forgot to say name at mic
[16:21:08] <nico> I'm willing to believe that there was actual posturing there
[16:21:50] <nico> paul is getting channeled at this time
[16:22:05] <gregory> Paul: MR is channeling your comment about naming...
[16:22:16] <gregory> oh, sorry Nico...
[16:22:16] <PaulHoffman> I hear that.
[16:23:03] <PaulHoffman> Thx, Michael.
[16:23:07] <gregory> where do you guys think we should handle the work for IKE?
[16:23:48] <gregory> eliot comments that some WG [X??] needs to be beat up on this hash stuff
[16:23:57] <mrichardson> we can do it (IKE work) as a draft.
[16:23:59] <PaulHoffman> Or, if we can't lead by example, we will know why.
[16:24:03] <mrichardson> in saag.
[16:24:22] <gregory> Russ says, "yeah, uh, we need to get our own house in order first," ie the security Area cleaned up before we go bashing other areas.
[16:24:25] <kivinen> Let's forget IKEv1, and the IKEv2 only has issues with certificates....
[16:24:31] <gregory> Laughter... nervous laughter ;-)
[16:24:52] <mrichardson> we need to write the limitations/issues of IKEv1 and IKEv2, so that it is well stated.
[16:25:06] <mrichardson> I don't have a problem saying that IKEv1 aggressive mode is officially deprecated :-)
[16:25:14] <kivinen> agreed...
[16:25:23] <gregory> maybe we can do the IKEv2 work in Hoffman's clarifications doc? Paul ?
[16:25:30] <PaulHoffman> Of course.
[16:25:38] <PaulHoffman> But we still need to do it for IKEv1.
[16:25:41] <mrichardson> I suggest that it just be posted as a BCP, independent of the other stuff.
[16:25:48] <gregory> mr: neither do I. except that just about all remote access IPsec today is using it.
[16:25:53] <PaulHoffman> I agree with Michael.
[16:25:56] <gregory> ... in the wild, that is.
[16:26:04] <mrichardson> gregory, good reason to push IKEv2 out :-)
[16:26:14] <mrichardson> the customers will read this document, and then ask for IKEv2.
[16:26:29] <gregory> agreed, but we only had 2 vendors actually interop test EAP and CP at the last bake-off. Still too early.
[16:26:44] <gregory> I guess we can suggest to everyone to just use SSL remote access. ;-)
[16:26:50] <mrichardson> consider lead time for BCP to get published, I'm not worried about that.
[16:26:59] <gregory> good point.
[16:27:13] <mrichardson> and, the bigger issue is certificates....
[16:27:19] <kivinen> gregory, we had about 4-5 people having EAP, and I think about same amount having some version of CP.
[16:27:39] <mrichardson> and IKEv2 would let us use an insecure certificate for the gateway side.
[16:27:45] <nico> the certs issues make PKINIT (i.e., Kerberos) look good
[16:27:49] <nico> ;)
[16:27:51] <kivinen> and noticing that there is no IKEv1 support for remote authentication or getting ip-addresses at all standardized in the IETF, that is much better situation than with IKEv1
[16:27:52] * nico ducks
[16:28:07] <mrichardson> PKI-NIT.
[16:28:34] <nico> heh
[16:28:59] <gregory> tero: brought EAP and CP, or actually tested it successfully together and got it working?
[16:29:10] <mrichardson> will there be another bakeoff?
[16:29:27] <PaulHoffman> I'm pretty sure ICSA wants another one next spring.
[16:29:42] <kivinen> I think we tested with EAP with 3-4 vendors, and I think we did get most of them through before the end of week...
[16:29:49] <gregory> tero: as with mr, I agree, especially since it will take us 2 years to get a BCP out.
[16:30:11] <PaulHoffman> It doesn't have to take 2 years. 9 months is possible.
[16:30:17] <nico> Uri will be telling us about alternatives to SHA-256
[16:30:41] <nico> and how SHA-256 may need a modification, just like SHA-1's over SHA-0
[16:30:54] <mrichardson> Uri's slides are not online.
[16:30:56] <gregory> [heavy eastern block accent] mmmm, yes. Possible. But not probable.
[16:31:02] <gregory> ;-)
[16:32:50] <mrichardson> that's why I'm not crazy to insert SHA-256 code in, just to drop it.
[16:33:11] <mrichardson> I'd rather use HMAC-SHA1 if we can use that instead. Less broken code to replace. less code to test.
[16:33:23] <mrichardson> more likely to have hardware acceleration.
[16:33:55] <nico> MR: HMAC isn't a magic bullet as its function signature is not like a hash's and anyways, it's not a hash
[16:34:43] <mrichardson> please explain to me, "not like a hash"
[16:34:52] <nico> it takes a key
[16:35:07] <nico> where you need a hash there isn't always a suitable key
[16:35:18] <nico> anyways, I want to follow this preso
[16:36:49] <mrichardson> set K=constant, and you have a hash function.
[16:37:19] <nico> right, but is it clear that this is enough?
[16:37:36] <mrichardson> I don't know. I'm simply saying that we can write a function that looks like a hash.
[16:37:45] <nico> sure
[16:37:54] <nico> we can also randomize hashes
[16:38:55] --- frodek has become available
[16:41:32] <PaulHoffman> Modify a hash function == develop a hash function
[16:41:46] --- frodek has left
[16:41:57] <nico> review a hash function modification == develop a hash function
[16:42:07] <PaulHoffman> Right.
[16:42:28] <nico> however, I take this message: watch out, SHA-256 may be a big trap, and it looks like it's a big trap
[16:42:34] <nico> that is scary
[16:42:43] <mrichardson> SHA256 === SHA1++++
[16:42:48] <PaulHoffman> It's a big trap with lots of extra bits, however.
[16:44:34] <PaulHoffman> Yuri didn't present this last week, I don't believe.
[16:44:52] <jimsch> This was not covered in any session at the workshop
[16:46:55] --- pguenther has left
[16:49:47] <nico> MR: Uri gives good reason to be scared besides "we don't know what's coming"
[16:50:12] --- jimsch has left
[16:50:23] <nico> Uri talks about a fundamental feature that makes differential cryptanalysis possible
[16:50:28] <nico> now, maybe he's wrong
[16:50:50] <nico> but I think he's likely right and this makes me nervous
[16:51:22] <nico> Tim's point about hash output size is important
[16:51:56] <nico> but Uri's point is that the diff attack lower bound is so low that the birthday attack is the least of our worries
[16:54:06] <PaulHoffman> I argue with how widely applicable it is.
[16:58:56] --- jschoenwae@jabber.org has left: Logged out
[17:00:25] --- nico has left
[17:01:14] --- stephenfarr has left
[17:01:16] --- tlyu has left
[17:01:26] --- raeburn has left: Disconnected
[17:01:29] --- hartmans has left
[17:01:33] --- nov has left
[17:01:47] <PaulHoffman> And thank you to everyone who actually used the mic!
[17:02:36] --- dlpartain has left: Logged out
[17:02:47] --- shep has left: Logged out
[17:03:16] --- PaulHoffman has left
[17:04:08] --- Roy Brabson has left
[17:04:37] --- gregory has left
[17:05:55] --- Eliot Lear has left: Logged out
[17:06:26] --- kivinen has left
[17:07:28] --- falk has left
[17:16:13] --- shep has become available
[17:20:44] --- saag has left: Disconnected
[17:32:31] --- kanda has left
[17:39:16] --- ogud has become available
[17:42:01] --- shep has left
[17:49:31] --- falk has become available
[18:09:19] --- mrichardson has left
[18:12:43] --- falk has left
[18:19:52] --- ogud has left: Replaced by new connection
[20:59:55] --- dumdidum has become available
[21:04:10] --- dumdidum has left